Re: Security Problems

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Brad Knowles: "Re: Security Problems"
• Previous message: Terry Ritter: "Re: Security Problems"
• Maybe in reply to: Terry Ritter: "Security Problems"
• Next in thread: Brad Knowles: "Re: Security Problems"

At 1:50 PM 3/4/96, Terry Ritter wrote:

>  First of all, once the effort has been spent to exchange and certify
>  keys, there seems little point in sending plaintext.  Thus, there
>  need be no "tag."

    This assumes a perfect "memory" of previous communications and
that the order of communications does not get changed.  Both are
fundamentally flawed.  Memories can be lost (hard disk crash) and
communications are not guaranteed to remain in order (a lot of
networking protocols is packet reassembly and reordering).

    The standard needs to be such that each communication can stand
on its own, unless the users have done something on top of the
standard that requires them to have additional facilities available.
And if they place this additional restriction on top of the standard,
so be it, as it is their perogative to place further restrictions on
what constitutes "secure communications", but the standard must make
as reasonably certain as it can that making communications less
secure is difficult, unless the user does something blatantly stupid
such as posting their private keys.

--
Brad Knowles,                                  MIME/PGP: brad@his.com
    comp.mail.sendmail FAQ Maintainer     <http://www.his.com/~brad/>
        finger brad@his.com for my PGP Public Key and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>

• Next message: Brad Knowles: "Re: Security Problems"
• Previous message: Terry Ritter: "Re: Security Problems"
• Maybe in reply to: Terry Ritter: "Security Problems"
• Next in thread: Brad Knowles: "Re: Security Problems"